Devise taking too much time to make user logged in? - Rails

If your Rails application uses the 'devise' gem and takes too long whenever a user tries to log in, one of the biggest reasons can be the combination of 'stretches' and 'bcrypt'. By default, Devise uses bcrypt for encryption of your passwords. So, if you are facing this issue, it means you haven't specified the :encryption option in your model and Devise is using its default encryption technique, i.e. 'bcrypt'.
By specifying 'stretches', you are specifying the complexity of the encryption. A higher value of 'stretches' means higher security and greater difficulty for unauthorized decryption. Normally, I prefer 12 as the value for :stretches, but if you really want to increase this complexity, it can cause a very serious issue with bcrypt encryption: bcrypt will take too much time, possibly so much that your server gives you a timeout error.

The fix is to reduce :stretches or to use another encryption technique. You can use some other encryption such as 'sha1', 'sha512' etc. But I suggest you read "Hash algorithm Vs bcrypt" before going forward with changing the encryption technique. If you still want to change your encryption technique, you just need to add the :encryptable option to your model with :stretches more than 20 and specify the encryptor in the Devise initializer file. Here I am using 'sha512' as the encryptor.

My model:

...
...
devise :database_authenticatable, :registerable,
       :recoverable, :rememberable, :trackable, :validatable,
       :confirmable, :encryptable, :stretches => 30
...
...

My devise initializer (devise.rb):

...
...
config.encryptor = :sha512
...
...
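
An added example (not from the original post, Devise, or devise-encryptable) showing why the same :stretches number behaves so differently in the two setups above: bcrypt treats it as an exponent (2**stretches rounds), while an iterated SHA-512 scheme treats it as a plain loop count. The 250 ms timing is a constructed figure, stretched_sha512 is a simplified stand-in rather than the gem's exact code, and all helper names are hypothetical.

```ruby
require 'digest'
require 'benchmark'

# bcrypt's cost is logarithmic: cost c means 2**c key-expansion rounds.
def bcrypt_rounds(cost)
  2**cost
end

# Projected time for one bcrypt hash at `cost`, extrapolated from a timing
# measured at `base_cost` on the same server (each +1 doubles the work).
def projected_ms(measured_ms, base_cost, cost)
  measured_ms * 2.0**(cost - base_cost)
end

# Highest cost whose projected time stays within the login latency budget.
def highest_cost_within(budget_ms, measured_ms, base_cost, range = 4..31)
  range.select { |c| projected_ms(measured_ms, base_cost, c) <= budget_ms }.max
end

# Simplified stand-in for an iterated SHA-512 scheme (NOT devise-encryptable's
# exact code): here `stretches` is a plain iteration count, not an exponent.
def stretched_sha512(password, salt, stretches)
  digest = ''
  stretches.times { digest = Digest::SHA512.hexdigest("#{salt}--#{digest}--#{password}") }
  digest
end

# Hashes per second one core achieves for the stand-in at a given stretches.
def sha512_hashes_per_second(stretches, samples = 200)
  secs = Benchmark.realtime { samples.times { |i| stretched_sha512("pw#{i}", 'salt', stretches) } }
  samples / secs
end

if __FILE__ == $PROGRAM_NAME
  measured = 250.0 # constructed figure: ms for one bcrypt hash at cost 12
  [10, 12, 14, 20, 30].each do |c|
    puts format('bcrypt stretches=%2d rounds=%-11d ~%.0f ms', c, bcrypt_rounds(c), projected_ms(measured, 12, c))
  end
  puts "highest cost within 500 ms: #{highest_cost_within(500, measured, 12)}"
  puts format('sha512 stand-in, stretches=30: ~%.0f hashes/s on one core', sha512_hashes_per_second(30))
end
```

On the constructed 250 ms baseline, stretches=30 under bcrypt projects to roughly 18 hours per login, which explains the timeouts. Thirty SHA-512 iterations finish in microseconds, so the value 30 buys far less work per password guess than bcrypt at 12.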


If you face the error 'uninitialized constant Devise::Models::Encryptable (NameError)', try installing the gem 'devise-encryptable':

# In your Gemfile
gem 'devise-encryptable'

# On console
$ bundle install

Remove the following from your devise.rb:

# Automatically apply schema changes in tableless databases
config.apply_schema = false
# If true, uses the password salt as remember token. This should be turned
# to false if you are not using database authenticatable.
config.use_salt_as_remember_token = true

Further, if you get an error about password_salt such as: undefined method `password_salt' for #<User:0x37a1678>

Just add a new column named 'password_salt' to your users table to store the salt.

That's it!


More help, if you are upgrading to Devise-2.1
